---
# Configuration for the pagure webapp

- name: install needed packages
  package: name={{ item }} state=present
  with_items:
  - pagure
  - pagure-ev
  - pagure-logcom
  - pagure-milters
  - pagure-webhook
  - python3-psycopg2
  - redis
  - python3-libsemanage
  - python3-fedora-flask
  - pagure-dist-git
  tags:
  - pagure
  - packages

- name: install needed packages
  package: name={{ item }} state=present
  with_items:
  - pagure-theme-srcfpo
  tags:
  - pagure
  - packages

- name: Set httpd_can_network_connect flag on and keep it persistent across reboots so apache can talk to redis
  seboolean:
    name: httpd_can_network_connect
    state: yes
    persistent: yes

# Set-up stunnel for the event source server

  #- name: install stunnel service definition
  #  copy: src=stunnel.service
  #        dest=/usr/lib/systemd/system/stunnel.service
  #        owner=root group=root mode=0755
  #  notify:
  #  - reload systemd
  #  - restart stunnel
  #  tags:
  #  - pagure
  #  - stunnel

  #- name: ensure old stunnel init file is gone
  #  file: dest=/etc/init.d/stunnel/stunnel.init state=absent
  #  tags:
  #  - pagure
  #  - stunnel
  #  - config

  #- name: install stunnel.conf
  #  template: src={{ item.file }}
  #            dest={{ item.dest }}
  #            owner=root group=root mode=0600
  #  with_items:
  #  - { file: stunnel-conf.j2, dest: /etc/stunnel/stunnel.conf }
  #  notify: restart stunnel
  #  tags:
  #  - pagure
  #  - stunnel
  #  - config

# Set-up Pagure

- name: Create a group pagure we can use
  group: name=pagure
  tags:
  - pagure

- name: Create an user we can run pagure under
  user: name=pagure group=packager append=yes
  tags:
  - pagure

- name: Create the "git" user
  command: useradd --create-home --home-dir=/srv/git/  git
           creates=/srv/git/
  when: env == 'staging'
  tags:
  - pagure

- name: Add the git user to the packager group
  user: name=git group=packager append=yes
  when: env == 'staging'
  tags:
  - pagure

- name: create the /var/log/pagure folder where to store the logs
  file: state=directory
               path=/var/log/pagure
               owner=pagure group=packager mode=u+rwx,g+rwxs,o+rx
  tags:
  - pagure
  - hotfix

- name: create the /srv/tmp folder where to clone repos
  file: state=directory
               path=/srv/tmp
               owner=pagure group=pagure mode=0775
  tags:
  - pagure

- name: copy sundry pagure configuration
  template: src={{ item.file }}
            dest={{ item.location }}/{{ item.file }}
            owner=pagure group=postfix mode=0640
  with_items:
  - { file: pagure.cfg, location: /etc/pagure }
  - { file: alembic.ini, location: /etc/pagure }
  - { file: pagure_plugins.cfg, location: /etc/pagure }
  tags:
  - config
  - web
  - pagure
  notify:
  - restart apache

- name: pagure configuration for the hooks
  template: src={{ item.file }}
            dest={{ item.location }}/{{ item.file }}
            owner=pagure group=packager mode=0640
  with_items:
  - { file: pagure_hook.cfg, location: /etc/pagure }
  tags:
  - config
  - web
  - pagure
  notify:
  - restart apache

- name: create the database scheme
  command: /usr/bin/python3 /usr/share/pagure/pagure_createdb.py
  changed_when: "1 != 1"
  environment:
      PAGURE_CONFIG: /etc/pagure/pagure.cfg
  tags:
  - web
  - pagure

- name: create all the directories where we store the git repos
  file: state=directory
               path={{ item }}
               owner=root group=packager mode=2775
  with_items:
  - /srv/git/repositories/
  - /srv/git/repositories/forks
  - /srv/git/repositories/requests
  - /srv/git/repositories/tickets
  tags:
  - gitolite
  - pagure

- name: create the remotes folder so pagure can clone remote repos
  file: state=directory
               path={{ item }}
               owner=root group=packager mode=2775
  with_items:
  - /srv/git/remotes
  tags:
  - gitolite
  - pagure

- name: Install the apache configuration file
  template: src={{ item }} dest=/etc/httpd/conf.d/{{ item }}
            owner=root group=root mode=0644
  with_items:
  - z_pagure.conf
  tags:
  - files
  - config
  - pagure
  notify:
  - restart apache

- name: Install the wsgi file
  template: src={{ item }}
            dest=/var/www/{{ item }}
            owner=pagure group=pagure mode=0644
  with_items:
  - pagure.wsgi
  tags:
  - config
  - web
  - pagure
  notify:
  - restart apache

- name: Add default facl so apache can read git repos
  acl: default=yes etype=user entity=apache permissions="rx" name=/srv/git state=present
  register: acl_updates
  tags:
  - pagure

- name: Manually fix current default ACLs since Ansible doesnt know recursive acls
  when: acl_updates.changed
  command: /usr/bin/setfacl -Rdm user:apache:rx /srv/git
  tags:
  - pagure

- name: Manually fix current ACLs since Ansible doesnt know recursive acls
  when: acl_updates.changed
  command: /usr/bin/setfacl -Rm user:apache:rx /srv/git
  tags:
  - pagure

- name: Override the default pagure_worker.service file to change the user it is run under
  copy: src={{ item }}.service
        dest=/etc/systemd/system/{{ item }}.service
        owner=root group=root mode=0755
  with_items:
  - pagure_ev
  - pagure_logcom
  - pagure_webhook
  - pagure_worker
  notify:
  - reload systemd
  tags:
  - pagure

# Configure SELinux in dist-git/pagure

- import_tasks: selinux.yml
  tags:
  - selinux

# Cron job to export extras information from the pagure DB
- name: Install the apache configuration file for /extras
  copy: src={{ item }} dest=/etc/httpd/conf.d/{{ item }}
             owner=root group=root mode=0644
  with_items:
  - pagure_cron.conf
  tags:
  - files
  - config
  - pagure
  notify:
  - restart apache

- name: create the /srv/cache/extras folder for the crons
  file: state=directory
               path=/srv/cache/extras
               owner=apache group=apache mode=0775
  tags:
  - pagure

- name: Configure cron job for a hourly pagure_poc
  cron:
    name: pagure-poc
    user: root
    minute: 0
    job: /usr/bin/python3 /usr/libexec/pagure-dist-git/pagure_poc.py /srv/cache/extras
    cron_file: pagure-poc
    state: present
  tags:
  - pagure

- name: Configure cron job for a hourly pagure_bz
  cron:
    name: pagure-poc
    user: root
    minute: 0
    job: /usr/bin/python3 /usr/libexec/pagure-dist-git/pagure_bz.py /srv/cache/extras
    cron_file: pagure-bz
    state: present
  tags:
  - pagure

- name: Configure cron job for a hourly pagure_owner_alias
  cron:
    name: pagure-poc
    user: root
    minute: 0
    job: /usr/bin/python3 /usr/libexec/pagure-dist-git/pagure_owner_alias.py /srv/cache/extras
    cron_file: pagure-owner-alias
    state: present
  tags:
  - pagure

# setup fedora-messaging

- name: install fedora-messaging as a dependency
  package: name={{ item }} state=present
  with_items:
  - fedora-messaging
  tags:
  - pagure
  - fedora-messaging

- name: create the config folder for fedora-messaging
  file: path=/etc/fedora-messaging/ owner=root group=root mode=0755 state=directory
  tags:
  - pagure
  - fedora-messaging

- name: install the configuration file for fedora-messaging
  template:
      src=fedora-messaging.toml
      dest=/etc/fedora-messaging/config.toml
  tags:
  - pagure
  - fedora-messaging

- name: create folder where we'll place the certs
  file: path=/etc/pki/rabbitmq/pagurecert/ owner=root group=root mode=0755 state=directory
  tags:
  - pagure
  - fedora-messaging

- name: deploy pagure/rabbitmq certificate
  copy: src={{ item.src }}
        dest=/etc/pki/rabbitmq/pagurecert/{{ item.dest }}
        owner={{ item.owner }} group={{ item.group}} mode={{ item.mode }}
  with_items:
    - src: "{{private}}/files/rabbitmq/{{env}}/pki/issued/pagure{{ env_suffix }}.crt"
      dest: src.fp.o.crt
      owner: pagure
      group: packager
      mode: "444"
    - src: "{{private}}/files/rabbitmq/{{env}}/pki/private/pagure{{ env_suffix }}.key"
      dest: src.fp.o.key
      owner: pagure
      group: packager
      mode: "440"
    - src: "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt"
      dest: src.fp.o.ca
      owner: pagure
      group: packager
      mode: "444"
  tags:
  - pagure
  - fedora-messaging


# Ensure all the services are up and running

- name: Start and enable httpd, postfix, pagure_milter
  service: name={{ item }} enabled=yes state=started
  with_items:
  - httpd
  - postfix
#  - stunnel
  - redis
  - pagure_ev
  - pagure_logcom
#  - pagure_milter
  - pagure_webhook
  - pagure_worker
#  - pagure_api_key_expire_mail
#  - pagure_api_key_expire_mail.timer
  tags:
  - pagure
  - service
  - postfix

- name: Add SAR script for pagure
  copy: src={{ roles_path }}/pagure/files/pagure_sar.py
        dest=/usr/local/bin/pagure_sar.py
        owner=root mode=0700
  tags:
  - SAR
  - GDPR
  - pagure

- name: override the default syslog logrotate file
  copy: src=syslog-logrotate dest=/etc/logrotate.d/syslog
  tags:
  - pagure
  - logrotate
